General Data Protection Regulation (GDPR)

What is the GDPR?

The GDPR is a new, comprehensive data protection law in the European Union (EU) that updates existing laws to strengthen the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.

What CaterTrax is Doing

Like many technology providers, CaterTrax has completed the steps required for these regulations and their enforcement. The GDPR mandate protects CaterTrax, its customer data, and individual user data. We have added the Fair Processing Notice to the copyright of all CaterTrax sites and have a process in place to receive GDPR complaints, which you can find below on this page.

Frequently Asked Questions

The GDPR regulates the “processing,” which includes the collection, storage, transfer, or use of personal data about EU individuals. Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).

Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.

New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring the behavior of EU individuals.

Binding Corporate Rules (BCRs): The GDPR officially recognizes BCRs as a means for organizations to legalize transfers of personal data outside the EU.

Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred.

One stop shop: The GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information that, collected together, can lead to the identification of a particular person also constitute personal data.

Submit a Request

Please select one or more of the options below and our team will follow up appropriately. Right of Access means citizens can access their personal information by requesting it via the form. Right of Erasure is a citizen's request for all personal data to be released to them. Data Portability is a request to transfer personal data from one electronic system to another.